Privacy policy for Diers Klinik ApS – Customers
Handling of information
Diers Clinic collects and processes a variety of personal data about you when you, as a customer, a known donor, or a potential customer, are in contact with the clinic during or prior to fertility treatment.
In this privacy policy, you can see in which way Diers Klinik handles, uses and shares your personal data.
Types of information
Diers Klinik collects and handles the following types of personal data about you as a customer (including depositor), a known donor, or a potential customer:
Common categories of personal data
Master data, i.e. name, personal identification number, email, home address, telephone number, as well as weight, height, smoking and alcohol habits, photo id, account number, occupation, information about purchased donor sperm (type and donor choice), the result of the treatment with the donor sperm as well as any partners name, personal identification number, weight, height, smoking and drinking habits.
If you log on to our website as a potential customer, we process information about your name and your e-mail.
Special categories of personal data (“sensitive personal information”)
Racial or ethnic origin, health information, including journal information regarding various health conditions, illness history, test results, tests, sexual relationships or orientation in the form of possible information about partner and marital status – thereby indirect information about the sexual orientation of the patient and any partner, genetic data (blood sample from the patient and/or known donor in some cases).
Purpose
We handle your personal data for the following purposes:
- The main purpose of the handling of personal data is to comply with the standards laid down for quality and safety in the collection, testing, processing, preservation, storage and distribution of sperm and to comply with the standards for assisted reproduction with donor sperm. The rules are laid down in the EU directive on tissues and cells and implemented in Danish legislation in the Danish Tissue Act, the Ministerial Order on tissue use, the Law on assisted reproduction in connection with treatment, diagnosis and research etc., and the Ministerial Order on assisted reproduction; for example
- Identification of serious adverse incidents and side effects
- Compliance with the rules on the number of children per sperm donor
- Ensuring traceability from donor to recipient and vice versa
- To comply with our obligations with respect to the applicable laws, including the Danish Tissue Act, the EU Data Protection Act, the Data Protection Act and other relevant health legislation; for example
- Duty to document.
- Adherence to the basic principles for the handling of personal data and adherence to the legal basis for the processing.
- Implementation and maintenance of technical and organizational security measures.
- Investigation of suspicion, or knowledge, of security breaches and reporting to individuals and the authorities.
- Handling of queries and complaints from registered people and others.
- Handling of inspections and inquiries from regulators.
- Handling of disputes with registered people and third parties.
- Statistical surveys and scientific research.
- To manage login on our website.
Providing information voluntarily
When we collect personal data directly from you, you provide personal data voluntarily. You are not under obligation to provide this personal data to us. The consequence of not giving us the personal data will be that we cannot fulfil the objectives stated above, nor will we be able to treat you.
Sources
In some cases, we collect personal data about you from other health-care professionals (by prior arrangement with you) or from laboratories in connection with testing. We treat the information received in accordance with this privacy policy.
Disclosure of personal data
When necessary, in any specific case, your personal data will be passed on and shared with the following recipients,
- Authorities, when required in accordance with tissue legislation, the law on assisted reproduction and other specific legislation – for example, the Danish Patient Safety Authority, the Health Agency and the Health Data Agency (SEI)
- Other fertility clinics according to a previous specific agreement with the patient/donor
- Laboratories according to a previous specific agreement with the patient/donor.
- Courier firms
- Forwarding e-mails to Diers IVF, that by mistake has been sent to Diers Klinik
Legal basis for the handling and sharing of personal data
The legal basis for collecting, handling and the disclosure of your personal data is:
- During the process, general personal data is collected, handled, and shared in accordance with the Data Protection Act under article 6 (1) (a), (b) and (c), whilst sensitive personal data is collected, processed and shared in accordance with the Data Protection Act under articles 9 (2) (a), (b), (f), (h) and (i).
- The obligation to collect, handle and share personal data in connection with fertility treatment with donor sperm is governed by, among other things, the rules which are laid down in the law on assisted reproduction in connection with treatment, diagnosis and research etc., in the Ministerial Order on assisted reproduction as well as in the EU-directive on tissue and cells, which is implemented in Danish legislation in the Tissue Act and the Tissue Ministerial Order as well as the Children’s Act.
- In addition, we are obliged to handle a variety of personal data about you in accordance with the Authorization Act under article 6, the Act on Healthcare Records (Medical Record Keeping Act) particularly §§ 5-10, as well as the Health Act under article 9.
Revocation of consent
If the handling of your personal data is based on consent, you have the right to revoke consent. If you withdraw consent, this does not affect any processing prior to the withdrawal of consent, including disclosure based on consent.
Use of data processors
Your personal data may be handled and stored by our data processors which store the data on our behalf and at our instruction. Our data processors include:
- Microsoft – Office 365
- Donkeypower (CRM-system)
- Logiva (Secure email)
- JDM (System Manager)
- Webbureau Infoserv (Company website)
- Laboratories, currently OUH-Odense University Hospital
Storage period
We store personal data about you for as long as we need to perform the above stated purpose.
Journal information, including health information, information about sexual relationships and genetic data, as well as identification information and master data i.e. the customer’s name, personal identification number, as well as weight, height, smoking and alcohol habits, picture ID, email, phone number and home address, information about the donor sperm, which you have been treated with (type and donor choice), results of treatment etc. is kept for 30 years after treatment to ensure traceability from donor to recipient and vice versa, which is a legal requirement, see the Danish Tissue Act § 12 and the Ministerial Order on tissue use §§ 16 and 21. We also store for the same period and according to the same legal basis, information about the partner’s name, personal identification number, as well as weight, height, smoking and alcohol habits.
If you send your personal data to us, but you do not receive insemination treatment with us, we operate with the following deletion deadlines:
- Personal data on customers who neither come to the clinic for examination nor treatment, will be deleted no later than 10 years after we receive the information.
- Personal data on customers, who have been to the clinic for an examination or similar, for example scanning, but without receiving insemination treatment, will be deleted no later than 10 years after the most recent addition to their journal, according to the Medical Record Keeping Act.
- If you log in to our website as a potential customer, we will delete your user profile and thus the information about your name and e-mail no later than 6 months after your last login to the website.
Circumstances may arise where we are obliged to keep your personal data for a longer period of time; for example, in connection with a complaint or a compensation claim.
Your rights
In accordance with the Data Protection Act, you have a number of rights in relation to Diers Klinik’s handling of your information. You may at any time exercise your rights. If you wish to exercise your rights, you should contact Diers Klinik.
Your rights are:
- The right to view your information (right of access)
You have the right to view the information that we process about you, as well as other additional information. - Right to rectification (correction)
You have the right to have inaccurate information about yourself corrected. Diers Klinik has a duty to respond to your request. - Right to deletion
In special cases, you have the right to have information deleted prior to the time the information would otherwise be deleted. Diers Klinik has a duty to respond to the request. - The right to limit the processing of information
In some cases, you have the right to limit the processing of your personal data. If you have the right to have processing limited, we must, in the future, only process information — except for storage – with your consent, or for the purpose of establishing, enforcing or defending a legal claim, or for protecting a person or important social interests. - Right to object
You have, in some cases, the right to object to our otherwise lawful treatment of your personal data.
You can read more about the rights in the Danish Data Protection Authority’s guidance on the rights of data subjects, which can be found at www.datatilsynet.dk (in Danish only)
Contact or complaints
If you have any questions regarding the processing of your personal data, your rights, or you want to make a complaint, please feel free to contact us.
Enquiries can be made to:
Diers Klinik ApS (CVR 33047991)
Store Torv 8, 3.
8000 Aarhus C
Director Liza Diers (email: info@diersklinik.dk)
Tel.: 2022 8587
If your query or complaint is not resolved, a complaint can subsequently be addressed to the Danish Data Protection Authority. The contact address can be found at www.datatilsynet.dk
Date: Version 23.06.2023.